<?php
// Buffer all output and resume the session before any header is sent.
ob_start();
session_start();

// Access gate: a request whose session carries no "admin" key gets an empty
// 403 response and the script stops here.
// NOTE(review): isset() only proves the key exists and is not null, so a
// session holding admin = false or 0 would still pass. Confirm the login code
// sets this key for real administrators only.
if (isset($_SESSION["admin"]) === false) {
  // Throw away anything buffered so far so the 403 body stays empty.
  ob_end_clean();
  ob_get_clean();
  header("HTTP/1.0 403 Forbidden");
  header("Content-Type: text/plain; charset=UTF-8");
  exit(0);
}

// From here on the response is an HTML page encoded as UTF-8.
header("Content-Type: text/html; charset=UTF-8");

// Directory that holds this script, with a trailing slash. The includes below
// and the delete handler further down build their paths from it, so they do
// not depend on the current working directory.
$__FILEPATH__ = dirname(__FILE__) . "/";

require_once $__FILEPATH__ . "../func_common.php";
require_once $__FILEPATH__ . "../class_def.php";
require_once $__FILEPATH__ . "../conf/info.php";

// Shared database handle for the rest of the script. GetMysqliInstance() is
// presumably defined in one of the files required above. Verify.
$mysqli = GetMysqliInstance();

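// Handle the two state-changing admin actions posted to this page: a file
// upload ("send") and the removal of a stored file ("delete").
// NOTE(review): neither branch verifies an anti-CSRF token. The session check
// at the top of the file is the only gate, so a forged cross-site POST sent
// from an administrator's browser would be accepted. Add a per-session token
// check here once the project has one.
if(isset($_POST["send"]))
{
   // A missing field, or an array-style (multi-file) field whose "error"
   // entry is not a single integer, is treated as a failed upload instead of
   // being passed on as null/array values.
   $file = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
   if (!is_array($file) || !isset($file["error"]) || !is_int($file["error"]))
        die("failed");

   if ($file["error"] == UPLOAD_ERR_INI_SIZE)
        die("<span style=\"color:red\">failed<br />filesize over uploadfile_max_filesize</span>");
   else if ($file["error"] == UPLOAD_ERR_FORM_SIZE)
        die("<span style=\"color:red\">failed<br />filesize over html_max_file_size</span>");
   else if ($file["error"] == UPLOAD_ERR_PARTIAL)
        die("<span style=\"color:red\">failed<br />file only uploaded partial</span>");
   else if ($file["error"] == UPLOAD_ERR_NO_FILE)
        die("<span style=\"color:red\">failed<br />file is not existing</span>");
   else if ($file["error"] != UPLOAD_ERR_OK)
        // Remaining PHP upload errors (no temp dir, write failure, blocked
        // by an extension) previously fell through to the move below.
        die("failed");

   $ip    = GetRequestIP();
   $size  = $file["size"];
   $user  = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
   $time  = GetSysTime();
   // Only a plain string is accepted as the description; an absent or
   // array-valued field is handled like an empty one.
   $intraduce = (isset($_POST["intra"]) && is_string($_POST["intra"])) ? $_POST["intra"] : "";
   // Client-supplied display name. It is only stored in the database and
   // never becomes part of a filesystem path here.
   // NOTE(review): whatever renders or serves it later must escape it for
   // its output context (HTML, Content-Disposition). Verify in the template
   // and in the download script.
   $filename = $file["name"];
   // The on-disk name is derived server-side, so the client cannot pick the
   // extension or the directory of the stored file.
   // NOTE(review): the name is a hash of the upload time and the original
   // name only. If uploadedfile/ is directly reachable over HTTP, consider an
   // unguessable random name. Confirm how files are served.
   $src = "uploadedfile/".md5($time.$file["name"]);

   // strlen() counts bytes, so multi-byte UTF-8 text reaches these limits
   // before the character counts quoted in the messages.
   if (strlen($intraduce) > 10000)
   {
   		echo "failed [简介的描述过长， 最大10000个字符]";
   		exit(0);
   }

   if (strlen($filename) > 250)
   {
      echo "failed [文件名过长， 最大250个字符]";
      exit(0);
   }

   // Two uploads with the same name and timestamp map to the same path.
   // Refuse rather than overwrite a file that another row already points to.
   if (file_exists($src))
      die("failed");

   move_uploaded_file($file["tmp_name"], $src) or die("failed");

   if ($intraduce == "")
      $intraduce = "暂无描述";

   $strsql = "insert into filelist(filename, src, size, time, ip, user, intraduce) values(?, ?, ?, ?, ?, ?, ?)"; 
   $stored = false;
   $stmt = $mysqli->prepare($strsql);
   if ($stmt)
   {
      $stmt->bind_param("ssissss", $filename, $src, $size, $time, $ip, $user, $intraduce);
      $stored = $stmt->execute();
      $stmt->close();
   }

   if (!$stored)
   {
      // Without a row the stored file can no longer be listed or deleted
      // through this page, so remove it and report the failure.
      if (is_file($src))
         unlink($src);
      echo "<script type=\"text/javascript\">alert('failed');</script>";
   }
}
else if(isset($_POST["delete"]))
{
    // The id is forced to an integer and additionally passed as a bound
    // parameter, matching the prepared statement used by the upload branch.
    $fid = (isset($_POST["fid"]) && is_scalar($_POST["fid"])) ? intval($_POST["fid"]) : 0;
    // NOTE(review): this echo and the one for $src below look like leftover
    // debug output; the second prints the storage path into the page.
    echo $fid;
    $ret = false;
    $src = null;

    $stmt = $mysqli->prepare("select src from filelist where id = ?");
    if ($stmt)
    {
        $stmt->bind_param("i", $fid);
        if ($stmt->execute())
        {
            $stmt->bind_result($rowSrc);
            if ($stmt->fetch())
            {
                $src = $rowSrc;
                echo $src;
                $ret = true;
            }
        }
        $stmt->close();
    }

    // The stored path is appended to a fixed directory and handed to
    // unlink(). Refuse values that could climb out of that directory, so a
    // tampered row cannot be used to delete files elsewhere.
    if ($ret && strpos((string)$src, "..") !== false)
        $ret = false;

    if ($ret)
    {
        $ret = false;
        $stmt = $mysqli->prepare("delete from filelist where id = ?");
        if ($stmt)
        {
            $stmt->bind_param("i", $fid);
            $ret = $stmt->execute();
            $stmt->close();
        }
    }

    // unlink() is only reached when the row was found and removed.
    if(!$ret || !unlink($__FILEPATH__."../../admin/".$src))
    { 
    	 echo "<script type=\"text/javascript\">alert('failed');</script>";
    }
} 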

// View model for the page: the ten most recent rows of filelist, newest
// first, each copied into a FileListItem.
// NOTE(review): user, filename and intraduce hold values that were submitted
// with the upload. The code that renders $PageArray is not visible here and
// must escape them for HTML output. Verify in the template.
$PageArray = array("filelist" => array());
$result = $mysqli->query("select * from filelist order by time desc limit 0,10", MYSQLI_USE_RESULT);
if ($result)
{
	// Columns copied onto each item, in the order they are assigned.
	$listColumns = array("id", "user", "ip", "time", "size", "downcnt", "src", "filename", "intraduce");

	while ($row = $result->fetch_array(MYSQLI_ASSOC))
	{
		$FileItem = new FileListItem();
		foreach ($listColumns as $listColumn)
		{
			$FileItem->$listColumn = $row[$listColumn];
		}

		$PageArray["filelist"][] = $FileItem;
	}

	// The result is unbuffered (MYSQLI_USE_RESULT); it is released before
	// the connection is closed.
	$result->close();
}

$mysqli->close();

?>